The above information is spurious data and has no bearing on whether you have a keylogger or trojan or virus or whatever. You can't prove your other accounts data isn't in the hands of Bad People(tm), you can only prove they haven't used that data to cause you pain...yet.

 

-----signature-----

I guess it's easier to claim some one has something on their computer rather then believe them.

I've ran everything that was recommended and nothing has been found on my machine. I also have changed my passwords to a minimum of 10 characters long with a combination of uppercase/lowercase letters, symbols, and numbers. I run Firefox (latest edition) with no-script and ad-block.

If you have any other recommendations then please provide them.

 

-----signature-----

What is this, Religion? It isn't about belief: only what you can objectively prove. The point of the previous comments (just in case you jumped in after the meat and potato posts) was about whether, after being hacked in one game, you could definitively prove you weren't subject to being hacked in other games without taking certain measures. Frankly, the rest of us couldn't care less whether you're clean or not -- we're just poking holes in the "facts" people are naively presenting as hard evidence.

 

-----signature-----

I guess you'd rather sit here and argue then help. Seems like that's what VN (especially VN WoW) has turned into these days. Nothing but a bunch of arrogant grumpy [TOS] who like to scare off anyone who is not in their inner-circle. To those who have helped, thanks!

 

-----signature-----

Agreed there. Though At least Gutter did offer another option with his link. I also tried it and came up clean. But it is nice to know another option is out there. What some people don't seem to think is that there are people who know what they are doing with computers and think everyone is a complete newb in dealing with viruses/spyware/rootkits/loggers etc.. (not you, Gutter, you offered an option, others just chose to flame)At the same time, Spooky, my account was still open when my account was compromised. That was the straw that broke the camels back as they say and then I cancelled my account. After putting a new authenticator on it that is.

 

-----signature-----

You both ran the full scan (not the quick scan), and did so while in safe mode?


If so, and you are still reporting clean, then awesome.


If we take malware completely off the table, then there are still several variables that need to be addressed.

1. Are you the only person that uses your account?

2. Are you the only person that ever uses that computer?

3. Do you use open wireless anywhere for connecting to WOW?

4. Do you use wireless in your home, in range of neighbors?

Again the thought is to eliminate as many possible venues as possible, so be honest please.

 

-----signature-----

1. Yes2. Desktop Yes - Laptop - My mother has used my laptop in the past. She has her own user account on it, no admin she does not play WoW. I check the laptop routinely for anything malicious when she borrows it. Always comes back clean. she has not used it in some time however.3. Desktop No (wired) - Used secure WPA2 wireless for laptop. Only used my laptop to play games over secure connections or wire. But TBH, i havent even used it since I got my tablet. If on an open connection, i tend to use HTTPS and avoid HTTP or use OpenVPN.4. Wireless is at the home. But only 1 neighbor in range, and it is an elderly couple. Wireless is locked down WPA2 - PSK/AES 256 12 character password on the router (upper/lower/number/symbol)I have done everything possible for a scan. Just need to face the fact this case it is not the end user. Yes Malware is a cause for a lot of it Trust me, I did full suites of scans, including the one you suggested. But lately with big companies getting hit by major hacking groups, is it that far fetched that they have stopped attacking the individual user and gone straight for the source?

 

-----signature-----

I know there have been plenty of people who say, quit playing for 1,2,6 months, and come back to a 'banned' account. We have collectively always found that to be suspicious at the very least, and recently I have given the hackers the benefit of the doubt as to them being very patient, and waiting for dormant periods in activity (as witness through a key logger) to strike.


Nothing can be ruled out with absolute certainty. Keep in mind also that (and I'm sure you are aware of this fully, but for the benefit of others) anti-virus software looks for two things: behavior, and known file names.


Behavior can be really easy to spot, depending on what it is. If a malicious program is trying to write to the boot sector, that shows up like a huge red flag, and most antivirus programs can "see" this type of behavior.

Known definitions are just that. A new trojan is designed, gets 'found', and then added to the 'list' for use in updated versions.


Behavior can also be really difficult to spot, if all it is doing is sending a few bytes of information to a certain location, intermingled with the other billions of bytes that we send and receive daily.

We are constantly seeing holes exploited in Windows, Adobe, and all kinds of common programs that people have running on their machines at all times. Alter one of those programs to do what you want, via security hole, and NO antivirus will pick it up.

Last August, Microshaft had to release an emergency patch to plug a serious hole in Windows itself. All a user had to do was VISIT a malicious site, and via the way website sounds were downloaded automatically, could be exposed to a trojan by simply visiting that site (never clicking on anything). Go to joebobs page, you have a trojan. Period.


In your situation, it almost appears that the individuals KNEW you had removed your authenticator, as they did the deed within 48 hours. In my mind there are 3 possibilities...

1. Inside job at Blizzard.
We get frustrated, and shout this, but we have to remember that Blizz can see the IP's that actually logged in to these 'hacked' accounts. They never tell us where they are from, but my guess is that if the were coming from a city where the have an office, it would be fairly obvious.

2. You have a keylogger, and nothing will detect it.
If the malicious program is 'better' than the tools used to attempt to remove it, it is not your fault. You have been diligent and taken every measure possible, but somehow still become infected. (possibly by a similar hole to the ones above), and nothing will find or remove it.

In this day and age, the only way to know for 100% certainty, is to format the drive.

3. With as many bogus emails that go to people, I have always wondered if somehow the email systems have been infected. I use Gmail. People use Hotmail, ISP mail, etc etc,. So what if Gmail has been infected, and every mail coming from Blizzard to anyone on Gmail is 'sniffed', and used in these operations.

Did you receive an Email 'confirming' the change to your account, when you dropped your authenticator?


Perhaps its a combination, I don't know. what we do know, is that:

#1 could give both password and email used for login.
#2 could give both password and email used for login.
#3 gives email, and information regarding the account (like a dropped authenticator), but usually will not have password in it.

Somehow the hackers got both, and 2 seems much much much more likely than 1, however 1 is not out of the realm of possibility. But if those records were accessed from inside Blizzard, they would more than likely have record of it.


If I were to have an account hacked, I personally would not hesitate to format. It is the one thing I can do that doesn't depend on updated definitions, Blizzard finding an inside culprit, or Gmail increasing its security.

And then of course, get the authenticator back on the account ASAP.

(and stop dropping your phone in the tub !!!)

 

-----signature-----

My answers are in bold. I appreciate all the help you're providing!

 

-----signature-----

That word does not mean what you think it means.

 

-----signature-----